Back to Contents Page

Remote Access Service

Dell OpenManage™ Server Administrator Version 1.6 User's Guide

  Overview

  Hardware Prerequisites

  Software Prerequisites

  Adding and Configuring RAC Users

  Configuring an Existing RAC User

  Configuring the RAC Network Properties

  Configuring the RAC Alert Properties

  Configuring DRAC III Dial-in (PPP) Users and Modem Settings

  Configuring the RAC Remote Features Properties

  Configuring RAC Security

  Accessing and Using a Remote Access Controller

Overview

The Server Administrator Remote Access Service provides a complete remote system management solution for SNMP- and CIM-instrumented systems equipped with a Dell™ Remote Access Card (DRAC) III, a DRAC III/XT, an Embedded Remote Access (ERA) controller, an ERA Option (ERA/O) card, or an ERA/MC controller. These hardware and software solutions are collectively known as remote access controllers (RACs).

The Remote Access Service provides remote access to an inoperable system, allowing you to get the system up and running as quickly as possible. The Remote Access Service also provides alert notification when a system is down and allows you to remotely restart a system. Additionally, the Remote Access Service logs the probable cause of system crashes and saves the most recent crash screen.

You can log into the Remote Access Service through the Server Administrator home page or by directly accessing the controller's IP address using a supported browser.

See the Server Administrator Command Line Interface User's Guide and the Dell Remote Access Controller Racadm User's Guide for information about running the Remote Access Service from the command line.

When using the Remote Access Service, you can click Help on the global navigation bar for more detailed information about the specific window you are viewing. Remote Access Service help is available for all windows accessible to the user based on user privilege level and the specific hardware and software groups that Server Administrator discovers on the managed system.

NOTE: The Remote Access Service is not available on modular systems. You must directly connect to the remote access controller (RAC) on a modular system. See the Dell Embedded Remote Access/MC Controller User's Guide for more information.

NOTE: See the Dell Remote Access Controller Installation and Setup Guide for complete information about installing and configuring a DRAC III, a DRAC III/XT, or an ERA/O controller, configuring an ERA controller, and using a RAC to remotely access an inoperable system. See the Dell Embedded Remote Access/MC Controller User's Guide for complete information about configuring and using an ERA/MC controller to remotely manage and monitor your modular system and its shared resources through a network.

Hardware Prerequisites

The managed system must have a RAC installed to use the Remote Access Service.

For a list of specific hardware requirements for your RAC, see the readme file for your remote access controller on the Systems Management CD and the Dell Remote Access Controller Installation and Setup Guide or the Dell Embedded Remote Access/MC Controller User's Guide on the documentation CD.

NOTE: The RAC software is installed as part of the Express Setup and Custom Setup installation options when installing managed system software from the Systems Management CD, provided that the managed system meets all of your RAC's installation prerequisites. See the appropriate RAC documentation for complete software and hardware requirements.

Software Prerequisites

The managed system must have the RAC software installed. See the Dell Remote Access Controller Installation and Setup Guide or the Dell Embedded Remote Access/MC Controller User's Guide for a complete list of software installation prerequisites.

NOTE: The RAC software is installed as part of the Express Setup and Custom Setup installation options when installing managed system software from the Systems Management CD, provided that the managed system meets all of your RAC's installation prerequisites. See the appropriate RAC documentation for complete software and hardware requirements.

Adding and Configuring RAC Users

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

The RAC can store information for up to 16 users. The Remote Access Service provides security by requiring a user to provide a user name and password prior to establishing a remote connection. The Remote Access Service can also provide paging services to notify users if the system crashes, loses power, or experiences a defined list of other events. Paging services are only available for DRAC III cards.

To create a RAC user, perform the following steps:

1. Click the Main System Chassis object on the Server Administrator home page, and then click the Remote Access Controller object.
   
   
2. Click the Users tab.
   
   

The Remote Access Controller Users window appears.

3. Click Add.
   
   

The Add Remote Access Controller User window appears.

4. Type a user name in the User Name field.
   
   
5. Type a new password in the New Password field.
   
   
6. Type the new password again in the Confirm Password field.
   
   
7. Configure numeric paging (for DRAC III users only):
   
   
   1. Click the check box next to Enable Numeric Paging and enter a pager number in the Pager Number field.
      
      
   2. Enter the numeric message in the Numeric Message field that you want the RAC to send when it receives certain events.
      
      
8. Configure e-mail paging:
   
   
   1. Click the check box next to Enable Email Paging and enter an e-mail address in the Email Address field.
      
      
   2. Enter the message in the Message field that you want the RAC to send when it receives certain events.
      
      
9. Configure alphanumeric paging (for DRAC III users only):
   
   
   1. Click the check box next to Enable Alpha-Numeric Paging and enter a pager number in the Pager Number field.
      
      
   2. Select the alphanumeric protocol used by the pager's service provider, 7E0 or 8N1.
      
      
   3. Select the pager's baud rate, 300 or 1200.
      
      
   4. Enter the message in the Custom Message field that you want the RAC to send when it receives certain events.
      
      
   5. Enter the pager's PIN in the Pager ID field, and then, if required, enter a pager password in the Pager Password field.
      
      
   6. Click Apply Changes at the bottom of the window.
      
      
10. Under Severity Configuration, specify the trap and the severity that the trap must have to trigger a paging action from the RAC.
    
    

Traps enable you to configure the RAC to respond to alert conditions from the system's ESM hardware or to other conditions such as operating system crashes or power failures.

The first (left-most) column of check boxes corresponds to the severity level Informational, the second column corresponds to the severity level Warning, and the third column corresponds to the severity level Critical. The last seven events can only report the severity level Informational.

11. Click Apply Changes and then click OK to save the alert, paging, and user configuration to the Server Administrator data repository.
    
    

Server Administrator returns to the Users tab. The user you just created and configured is displayed in the User Name list.

Configuring an Existing RAC User

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

To configure a RAC user, perform the following steps:

1. Click the Main System Chassis object on the Server Administrator home page, and then click the Remote Access Controller object.
   
   
2. Click the Users tab.
   
   

The Remote Access Controller Users window appears.

3. Click the user name for the user you want to configure.
   
   
4. Change the password:
   
   
   1. Click the check box next to Change Password and type a new password in the Password field.
      
      
   2. Type the new password again in the Confirm Password field.
      
      

NOTE: If you delete all RAC users by using Server Administrator, you must stop and start the Dell OpenManage Server Agent service to display the updated list of users.

5. Configure numeric paging (for DRAC III users only):
   
   
   1. Click the check box next to Enable Numeric Paging and enter a pager number in the Pager Number field.
      
      
   2. Enter the numeric message in the Numeric Message field that you want the RAC to send when it receives certain events.
      
      
6. Configure e-mail paging:
   
   
   1. Click the check box next to Enable Email Paging and enter an e-mail address in the Email Address field.
      
      
   2. Enter the message in the Message field that you want the RAC to send when it receives certain events.
      
      
7. Configure alphanumeric paging (for DRAC III users only):
   
   
   1. Click the check box next to Enable Alpha-Numeric Paging and enter a pager number in the Pager Number field.
      
      
   2. Select the alphanumeric protocol used by the pager's service provider, 7E0 or 8N1.
      
      
   3. Select the pager's baud rate, 300 or 1200.
      
      
   4. Enter the message in the Custom Message field that you want the RAC to send when it receives certain events.
      
      
   5. Enter the pager's PIN in the Pager ID field, and then, if required, enter a pager password in the Pager Password field.
      
      
   6. Click Apply Changes at the bottom of the window.
      
      
8. Under Severity Configuration, specify the trap and the severity that the trap must have to trigger a paging action from the RAC.
   
   

Traps enable you to configure the RAC to respond to alert conditions from the system's ESM hardware or to other conditions such as operating system crashes or power failures.

The first (left-most) column of check boxes corresponds to the severity level Informational, the second column corresponds to the severity level Warning, and the third column corresponds to the severity level Critical. The last seven events can only report the severity level Informational.

9. Click Apply Changes and then click OK to save the alert, paging, and user configuration to the Server Administrator data repository.
   
   

Server Administrator returns you to the Users tab.

Configuring the RAC Network Properties

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

Your RAC contains an integrated 10BASE-T/100BASE-T Ethernet NIC and supports TCP/IP. The NIC has a default address of 192.168.20.1 and a default gateway of 192.168.20.1.

NOTE: If your RAC is configured to the same IP address as another NIC on the same network, an IP address conflict occurs. The RAC stops responding to network commands until the IP address is changed on the RAC. The RAC must be reset even if the IP address conflict is resolved by changing the IP address of the other NIC.

NOTE: Changing the IP address of the RAC causes the RAC to reset. If SNMP polls the RAC before it initializes, a temperature warning is logged because the correct temperature is not transmitted until the RAC is initialized.

To configure the network properties of your RAC, perform the following steps:

1. Click the Main System Chassis object on the Server Administrator home page, and then click the Remote Access Controller object.
   
   
2. Click the Configuration tab.
   
   

The Configure Network Properties window appears.

3. Click the check box next to Enable NIC (this option is selected by default).
   
   
4. To have the DHCP system assign the NIC information, click the check box next to Use DHCP (For NIC IP Address). If you do not, clear (deselect) this check box and enter the RAC's NIC information in the Static IP Address, Static Subnet Mask, and Static Gateway Address fields.
   
   
5. Enable dial-in networking (for DRAC III users only):
   
   
   1. Click the check box next to Enable Dial-In (this option is selected by default).
      
      
   2. To have the DHCP system assign the dial-in information, click the check box next to Use DHCP (For Dial-In IP Address). If you do not, clear (deselect) this check box and enter the DRAC III modem's base IP Address in the Base IP Address field.
      
      
   3. Specify the Dial-In Authentication settings that dial-in connections require:
      
      
      • Any — Allows the connection to use any type of encryption, including no encryption
        
        
      • Encrypted — Requires the connection to use some type of encryption
        
        
      • CHAP — Requires the connection to use the CHAP
        
        
6. To enable SMTP server address control, click the check box next to Enable SMTP, and type the SMTP server address in the SMTP (Email) Server Address field.
   
   
7. Click Apply Changes and click OK to save your changes.
   
   

Configuring the RAC Alert Properties

RACs can be configured to respond to alert conditions from the system's ESM or to other conditions such as operating-system crashes or power failures.

RACs offer the following types of alert actions:

• Alphanumeric paging (DRAC IIIs only) (See "Adding and Configuring RAC Users" for information about configuring this type of alert action.)
  
  
• Numeric paging (DRAC IIIs only) (See "Adding and Configuring RAC Users" for information about configuring this type of alert action.)
  
  
• E-mail (See "Adding and Configuring RAC Users" for information about configuring this type of alert action.)
  
  
• SNMP traps (See the following subsection for information about configuring this type of alert action.)
  
  

Configuring the SNMP Alert Properties

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

To configure the Remote Access Service alert properties, perform the following steps:

1. Click the Main System Chassis object on the Server Administrator home page, and then click the Remote Access Controller object.
   
   
2. Click the Configuration tab.
   
   
3. Click SNMP.
   
   
4. Click Add or click the Destination IP Address to edit existing SNMP alert properties.
   
   
5. Click the check box next to Enable SNMP Trap, if a check isn't already in the check box.
   
   
6. Enter the SNMP community name to which the destination management station belongs in the Community field.
   
   
7. Enter a destination IP address of the management station to which you want the RAC to send SNMP traps when an event occurs in the IP Address field.
   
   
8. Use the check boxes under Severity Configuration to specify the events and the severity level that those events must have to trigger an alert action from the RAC.
   
   

The first (left-most) column of check boxes corresponds to the severity level Informational, the second column corresponds to the severity level Warning, and the third column corresponds to the severity level Critical. The last seven events can only report the severity level Informational.

9. Click Apply Changes and then click OK to save your changes.
   
   

Configuring DRAC III Dial-in (PPP) Users and Modem Settings

Dial-in (PPP) users and modem features are currently only available for the DRAC III.

Adding and Configuring a DRAC III Dial-In (PPP) User

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

This subsection describes how to add and configure a dial-in (PPP) user. After dial-in users are authenticated, they must enter the RAC user authentication at the remote access controller login screen to access the DRAC III.

NOTE: The Server Administrator managed-system PPP client uses the 192.168.234.235 network to talk with the installed DRAC III. It is possible that this network IP address could already be in use by other systems or applications. If this situation occurs, the PPP connection fails to operate. If this address is already in use, the user is required to change the managed-system PPP client IP address to a different number. To change the managed-system PPP server IP address to use another network so that conflicts do not occur, you must use the racadm utility. See the Dell Remote Access Controller Racadm User's Guide for information about using the racadm utility.

To add and configure dial-in users, perform the following steps:

1. On the Server Administrator home page, click the Main System Chassis object, and then click the Remote Access Controller object.
   
   
2. Click the Configuration tab.
   
   
3. Click Dial-In Users.
   
   
4. Click Add.
   
   
5. Type a user name in the User Name field.
   
   
6. Type a new password in the Password field.
   
   
7. Type a callback number in the Callback Number field.
   
   

This number is the one the Remote Access Service calls if Callback Type is set to Preset.

8. Select a setting from the Callback Type drop-down menu:
   
   
   • None — When called, the Remote Access Service does not disconnect and call back; the connection remains active.
     
     
   • Preset — When called, the Remote Access Service disconnects and calls the number specified in the Callback Number field; this setting activates the callback number control.
     
     
   • User Specified — When called, the Remote Access Service asks the user for the callback number. Then the Remote Access Service disconnects and calls the number the user specified.
     
     
9. Click Apply Changes and then click OK to save your changes.
   
   

Adding and Configuring DRAC III Demand Dial-Out Entries

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

If you set the dial-in (PPP) setting to Preset, the demand dial-out entry causes the Remote Access Service to disconnect and call the management station back at a preset number. Upon callback, you must provide your RAC user authentication to access the Remote Access Service.

NOTE: The RAC managed system software uses a PPP connection to talk to the installed RAC. The IP address for this PPP connection is 192.168.234.235. It is possible that this network IP address could already be in use by other systems or applications. If this situation occurs, the PPP connection fails to operate. If this address is already in use, the user is required to change the managed-system PPP client IP address to a different number. To change the managed-system PPP server IP address to use another network so that conflicts do not occur, you must use the racadm utility. See the Dell Remote Access Controller Racadm User's Guide for information about using the racadm utility.

To add a demand dial-out entry, perform the following steps:

1. On the Server Administrator home page, click the Main System Chassis object, and then click the Remote Access Controller object.
   
   
2. Click the Configuration tab.
   
   
3. Select Demand Dial-Out.
   
   
4. Click Add.
   
   
5. Enter the management station IP address that the Remote Access Service calls back when called by this user.
   
   
6. Enter the phone number used by the system's modem in the Phone Number field.
   
   
7. Enter the user name for the demand dial-out user in the User Name field.
   
   
8. Enter the password for the demand dial-out user in the Password field.
   
   
9. Select a setting from the Authentication drop-down menu:
   
   
   • Any — Allows the connection using any type of encryption, including no encryption
     
     
   • Encrypted — Requires the connection to use some type of encryption
     
     
   • CHAP — Requires the connection to use the CHAP
     
     
10. Click Apply Changes and click OK to save your changes.
    
    

Configuring the DRAC III Modem Settings

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

If your DRAC III kit includes the optional PCMCIA modem, you must configure the modem prior to use.

To configure the DRAC III modem, perform the following steps:

1. On the Server Administrator home page, click the Main System Chassis object, and then click the Remote Access Controller object.
   
   
2. Click the Configuration tab.
   
   
3. Click Modem.
   
   
4. For Dial Mode, choose either Pulse or Tone.
   
   
5. From the Country Code drop-down menu, select the country where the DRAC III is located.
   
   
6. For Initialization String, enter the required initialization string for the DRAC III modem in the text field.
   
   
7. Select a Baud Rate setting from the drop-down menu (the default is 38400).
   
   
8. Click Apply Changes, and then click OK to save your changes.
   
   

Configuring the RAC Remote Features Properties

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

If the local boot image on the managed system has been corrupted, a RAC has the ability to boot its host server using a diskette boot image that it downloads from a Trivial File Transfer Protocol (TFTP) server. This feature is called remote floppy boot. A RAC can also update its firmware using a firmware image located on a TFTP server. This feature is called remote firmware update, and the process is similar to flashing a system BIOS.

To configure the remote floppy boot feature and the remote firmware update feature of your RAC, perform the following steps:

1. Click the Main System Chassis object on the Server Administrator home page, and then click the Remote Access Controller object.
   
   
2. Click the Configuration tab.
   
   

The Configure Network Properties window appears.

3. Click Remote Features.
   
   

The Remote Properties window appears.

4. Click the check box next to Enable Remote Floppy Boot to configure the remote boot parameters,
   
   
5. Configure the RAC's remote boot parameters:
   
   
   1. Click the check box next to Enable Remote Floppy Boot.
      
      
   2. Type the TFTP server's IP address in the Remote Floppy TFTP Address field.
      
      
   3. Type the boot image filename in the Remote Floppy TFTP Path field. The path must be relative to the root directory of the TFTP server.
      
      
6. Configure the RAC's firmware update parameters:
   
   
   1. Click the check box next to Enable Remote Firmware Update.
      
      
   2. Type the TFTP server's IP address in the Remote Firmware TFTP Address field.
      
      
   3. Type the firmware image filename in the Remote Firmware Update Path field. The path must be relative to the root directory of the TFTP server.
      
      
7. Click Apply Changes and click OK to save your changes.
   
   

Configuring RAC Security

NOTE: You must have Admin privileges in Server Administrator to use the Remote Access Service.

NOTE: See the Dell Remote Access Controller Installation and Setup Guide for more information about RAC security features.

To configure your RAC security from the Server Administrator home page, click System→ Main System Chassis→ Remote Access Controller and then click the Security tab. Under the Security tab, you can perform CSR certificate management and set RAC user login authentication options.

Certificate Management

Use the Certificate Management window to generate a certificate signing request (CSR), upload a server certificate or certificate authority (CA) certificate to the RAC firmware, or view an existing server certificate or CA certificate. From the Certificate Management window, the following options are available:

• Generating a CSR
  
  
• Uploading a Certificate
  
  
• Viewing a Certificate
  
  

A CSR is a digital request to a CA for a secure server certificate. Secure server certificates ensure the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure the security for your RAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA.

A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thwate and VeriSign. Once the CA receives your CSR, they review and verify the information the CSR contains. If the applicant meets the CA's security standards, the CA issues a certificate to the applicant that uniquely identifies that applicant for transactions over networks and on the internet.

After the CA approves the CSR and sends you a certificate, you must upload the certificate to the RAC firmware. The CSR information stored on the RAC firmware must match the information contained in the certificate.

Generating a CSR

NOTICE: Each new CSR overwrites any pervious CSR on the firmware. It is crucial that the CSR on the firmware matches the certificate returned from a CA.

1. From the Certificate Management window, select the Generate a new CSR option and click Next.
   
   

The Certificate Signing Request (CSR) Generation window appears.

2. Type a value or choose a value from a drop-down menu for each listed attribute and click Generate.
   
   

A message appears stating that the CSR was successfully generated and giving the path where it was saved.

3. You are now ready to send your CSR to a CA.
   
   

Uploading a Certificate

To upload your server certificate or CA certificate to the RAC firmware, the certificate must reside on the RAC's host server. You must designate the CSR type, the exact filename, and the absolute file path to the certificate on the server. Then, click Upload.

NOTE: Failure to enter the correct path for the location of the certificate on the host server does not result in a warning message.

1. From the Certificate Management window, select the Upload certificate option and click Next.
   
   

The Upload Certificate window appears.

2. Select the certificate type from the drop-down menu.
   
   

The selections are Server Certificate and CA Certificate.

3. Type the exact path and filename of the certificate to be uploaded.
   
   

NOTE: When you have a fully qualified path or filename that contains spaces, you must place double quotation marks around the string. For example, if your file is contained in c:\security files\certificates\sslcert.cer, you must place the fully qualified path name and filename in double quotations because a space appears between "security" and "files." For example: "c:\security files\certificates\sslcert.cer".

4. Click Upload.
   
   

A message appears stating that the certificate was successfully uploaded to the RAC firmware.

5. Reset the RAC to enable the new certificate.
   
   

NOTE: You must reset the RAC after uploading the certificate to ensure that the new certificate is used.

Viewing a Certificate

The following information is included on both the View Server Certificate and View CA Certificate windows. See Table 6-1.

Table 6-1. Certificate Information 

Configuring Remote Connect Authentication Options

Use the Remote Connect Authentication Options window to set RAC user login authentication options. You can configure the RAC to only allow login by users created thought the Remote Access Service (RAC users), or to allow RAC login by users created both through the Remote Access Service and through the local operating system.

1. Click System→ Main System Chassis→ Remote Access Controller and then click the Security tab.
   
   

The Certificate Management window appears.

2. Click Authentication Options.
   
   

The Remote Connect Authentication Options window appears. There are two configuration options, each proceeded by a check box.

The RAC Authentication check box is selected by default and cannot be deselected. This setting allows login to the RAC by users created through the RAC (RAC users).

Put a check in the Local Operating System Authentication check box to also allow login to the RAC by users created through the local operating system.

3. Click Apply Changes and click OK to save your changes.
   
   

Accessing and Using a Remote Access Controller

To link to the Remote Access Service RAC Log in window from the Server Administrator home page, click the Main System Chassis object, click the Remote Access Controller object, click the Remote Connect tab, and then click Remote Connect. The RAC Log in window appears.

After connecting to the RAC you can monitor and manage your system, including accessing system and session information, managing the RAC configurations, and performing remote access functions on the managed system. See the Dell Remote Access Controller Installation and Setup Guide for instructions on using a RAC.

Back to Contents Page